Day: November 7, 2017

How the Dark Web works

Beneath our everyday internet lurks a murky network of encrypted sites known as the Dark Web. Is it all bad? No. But it does fuel a lucrative criminal subculture that could threaten businesses and consumers.

The Dark Web is an ominous network of shadowy hackers hellbent on stealing company data, overthrowing the country, and selling drugs to your kids with Bitcoin.

Or is it? The hidden and encrypted internet enables hackers and activists and criminals. It’s also a wonderful source for shocking headlines and salacious YouTube stories, and a communication and privacy-enhancing platform. Powered by a network of encrypted websites and accessible only by using a complex set of security tools, the Dark Web is as intriguing as it is beguiling. To understand the realities of the hidden internet, better grab a flashlight.

The Dark Web and the deep web are terms often confused and used interchangeably. The deep web is a term that refers to sites and pages unavailable to the general public and not indexed by traditional search engines, like corporate intranet sites, private social media posts, and pages with nofollow search tags.

Cybersecurity spotlight: The ransomware battle

Originally Published: Aug 2016

Ransomware is an escalating, increasingly sophisticated threat—and no one seems to be immune. This ebook looks at how the malware works, who it’s affecting, steps to avoid it, and what to do if you’re attacked.

Although ransomware initially targeted home users, it is spreading quickly into the enterprise. Recent reports from security firms such as Kaspersky, Symantec, and FSecure offer a scary view of how ransomware attacks are evolving, spinning off new variants and upping the ante as hackers go after lucrative targets like universities and hospitals.

From the ebook:

Tips for IT leaders
To prevent a ransomware attack, experts say IT and information security leaders should do the following:

Keep clear inventories of all your digital assets and their locations so cybercriminals do not attack a system you are unaware of.

Keep all software up to date, including operating systems and applications.

Back up all information every day, including information on employee devices, so you can restore encrypted data if attacked.

Back up all information to a secure offsite location.

Segment your network: Don’t place all data on one file share accessed by everyone in the company.

Train staff on cybersecurity practices, emphasizing that they should not open attachments or links from unknown sources.

Develop a communication strategy to inform employees if a virus reaches the company network.

Before an attack happens, work with your board to determine whether your company will plan to pay a ransom or launch an investigation.

Perform a threat analysis in communication with vendors to go over cybersecurity throughout the lifecycle of a particular device or application.

Above the deep web hovers the clearnet, the traditional internet and mobile web used by billions of people around the world. The clearnet is secure, and encryption is used to move secure data from place to place all the time. SSL guards passwords and protects credit card information during e-commerce transactions. But the very nature of the clear internet is that anonymity is rare. Computer and mobile IP addresses are constantly logged and easily traced. Cookies help web marketers track online activity and analyze behavior.

What differentiates the so-called Dark Web is the method by which sites are accessed. The Dark Web, or darknet, is a network of sites with encrypted content, accessible only with a secure suite of secure-browsing tools, like Tor. Tor — an acronym for the onion router — is a package of open-source security tools written for a customized version of the Mozilla Firefox browser, compatible with Windows, OS X, and Linux. The software encrypts user traffic and passes the IP address through the complex of Tor nodes.

These ‘onion layers’ help protect the user’s anonymity and provide access to similarly protected websites. These sites range from forums to wiki pages to blogs and function much like clearnet sites. Dark Web domains frequently employ non-memorable, hashed URLs with the .onion top level domain. These sites block inbound traffic from all non-secure internet connections.

Personal and work computers often house mission-critical data, like sensitive files, passwords, and health records. Because Tor can be used and the Dark Web can be accessed on a traditional home PC, security professionals rely on additional security tools like the Tails operating system. Tails is a Linux distribution that can be installed on and run from a portable flash drive. By accessing the Dark Web via Tails, user behavior is never logged locally, and it is significantly more challenging for malicious software to harm the host PC.

The Dark Web is a deep well of dastardly villains, anonymous hackers, hitmen, and drug traffickers. Myth or reality, the new documentary film Down the Deep Dark Web will do nothing to dispel the notion that the Deep Web, a network of private sites accessible only by using an encryption-friendly browser, is a dangerous place.

And that’s a good thing.

The film, which was co-produced by Duki Dror and Tzachi Schiff and debuts at the Jerusalem Film Festival on July 16th, is a flashlight of a documentary produced by Zygote Films that trails journalist Yuval Orr as he illuminates the people who occupy the hidden, encrypted internet. The film travels through scenic locations from Israel to Europe and, through a series of interviews with cryptoanarchists, traffickers, hackers, and security experts, explores the personalities that operate on the Dark Web.

Orr’s documentary also explores ideas about security and privacy, and is at times deeply technical. Experts and activists alike are thoughtfully interviewed about both the mechanics and philosophy of how secure communication helps insure free thought. Sandwiched between banter about tech regulation and the potential of Bitcoin are quiet conversations about why the general public should care about how encryption works.

The Dark Web is important, the film argues, and hacker culture is important.The premise, presented with a Vice-style dramatic panache, is always entertaining. The movie is loaded with neo-Gonzo Journalism tropes and crafted to appeal to hacktivists, EFF-hardliners, Bitcoin evangelicals, and techno-pundits. For that market in particular, the movie’s aesthetic effectively communicates basic information about the Dark Web.

Filmmaker and journalist Yuval Orr is also a technologist and created a film that tech insiders will appreciate. He spoke to TechRepublic about his approach to making the documentary and his relationship with technology.

Explain your thoughts on creating a film about the Dark Web.

When we first started working on the film our focus was very much on the “dark” side of the Dark Web. [We were] looking at the online drug and gun markets, forums for stolen credit cards, malware, and much worse. Then at a certain point we realized that all of this had already been covered in a thousand different media, all of them drumming up a lot of noise about everything scary and evil that the average citizen has to fear about the dark web. Hell, the name itself was meant to conjure up this shadowy image of a place you and I would never want to venture into.

But when we started looking deeper, we realized there was much more to this hidden corner of the cloud than met the eye. The co-directors and I started by looking in one place, and by the end of the process we were going in the exact opposite direction, from believing that the Dark Web … is an embodiment of the worst of human society to the belief that it just might hold the promise for something better. In the end, I think the reality is that the technology holds both [good and bad] at once, and it’s up to those who are developing, maintaining, and using it to determine which way it will ultimately take us.

We wanted to give the viewer the sense that they were watching the film unfold on my computer. We created a visual language that felt very YouTubey, with a lot of jumping windows, quick cuts, and short syncs that are fast-paced and resemble the kind of thousand-tabs-open-at-once browsing that our generation is so accustomed to.I was also exposed to a lot of new technology over the course of making the film. There was, of course, Bitcoin, which I bought and used for the first time in my life. But also a sort of old school technology, like the private IRC chat rooms that I used to communicate with two of the film’s protagonists, Smuggler and Frank Braun.

Why should business and individuals care about the Dark Web?

The Dark Web has largely been portrayed as a challenge for businesses to overcome, rather than an opportunity for them to explore. The most ready example is the credit card companies that hire cybersecurity firms, many of them in Israel, to monitor carder forums in the Dark Web and track down the criminals behind them.

But I think there’s an opportunity on the privacy and free speech side of the debate that should be explored: why aren’t microblogging sites like WordPress and Tumblr developing services for the [Dark Web]?

The war against encryption—which has cropped up of late with claims that ISIS has used encryption to hide its communication, or the FBI vs Apple case—is a long game, and the Dark Web is just the latest iteration.

Cybersecurity spotlight: The critical labor shortage

An escalating shortage of information security professionals is prompting industry experts to predict a grave outcome. Violet Blue explores the infosec labor shortage and its causes and consequences.

There’s never been a greater need to hire security professionals to protect and defend infrastructures from the onslaught of organized crime, industrial espionage, and nation-state attacks. See why a small talent pool, an inflated wage bubble, and the high tensions of a virulent attack landscape have made cybersecurity’s hiring crisis the “billion dollar problem.”

The cryptoanarchist crowd holds that they’ll win out in the end because encryption will always develop faster than any given government’s ability to crack it. So, sure the US government managed to shut down the original Silk Road, but it took a joint task force of the FBI, DEA, and Secret Service to do so. All that to shut down a single site, which has since been replaced by a 2.0 and 3.0 version. The same holds for Darkode, a site that sold various hacking tools, which was taken down by an international task force with the FBI at the head and some 20 countries.

What does that mean for us? It means we’re living in an increasingly uncertain online world. The cybersecurity industry is sure to balloon to keep up with new threats that seem to crop up every week. One hopes that the upside will be an increasing awareness, and use, of encryption by average users.

Can you help us understand the future of the Dark Web?

To hear the cryptoanarchist crowd tell it, we’ll soon be doing all our shopping on the Dark Web, avoiding government regulation, and taxation to buy goods and services we’d otherwise not have access to, or just buying them cheaper than we would elsewhere. I think that’s a real possibility, but it requires a level of comfort and familiarity with technology like Tor that simply doesn’t exist at the moment.

I suppose my biggest hope is that more people familiarize themselves with [encryption] and other tech, and that the Dark Web will stop being seen strictly as the last frontier of evil, and rather as a home to new ways of thinking about community and of accessing information.

Yet it is also true that the Dark Web is an opaque, sometimes twisted, reflection of the clearnet. Crime is profligate. Black markets enable the morally libertine to profit handsomely in Bitcoin. The most famous Dark Web market, the Silk Road, allowed vendors and buyers to conduct business anonymously and enabled the sale of drugs, guns, humans, identities, credit card numbers, zero-day exploits, and malicious software. The site was raided and shut down by the FBI in 2013, but the idea of an anonymous, encrypted black market spread rapidly. Today, the site Deep Dot Web lists dozens of Dark Web markets.

“The Dark Web operates a lot like the clear web,” said Emily Wilson, Director of Analysis at security firm Terbium Labs. “The same crime that happens off line, all the time, also happens on the Dark Web.” In many ways, she said, because it’s relatively easy to visit Dark Web markets, it’s sometimes easier to see criminal activity as it happens.

Although it’s not necessary for the layperson to visit the Dark Web often, if ever, every consumer is at risk of identity theft and should have a basic understanding of how the encrypted internet functions. Businesses should be aware that data from hacked companies and the government is easy to find and purchase on the encrypted internet. A number of companies, including Tripwire, ID Agent, and Massive, monitor the Dark Web and help businesses respond to Dark Web data leaks.

The Dark Web is not entirely malicious, but it’s also not a safe place to visit. Novices and experts alike should exercise care and caution when visiting the Dark Web. ZDNet does not condone illegal or unethical activity. Offensive material can sometimes be just a click away. Browse at your own risk. Never break the law. Use the Dark Web safely, and for legal purposes only.

The Dark Web — like encryption — is a double-edged sword. The hidden internet enables both good and bad actors to work uninhibited anonymously. And like encryption, the Dark Web is a reality for both consumers and business. Companies need to know about the Dark Web, Wilson said, and they need to be prepared for incidents to occur.

But consumers and companies shouldn’t overreact to perceived threats. The Dark Web is not enormous. “Compared to the clearnet, the Dark Web is maybe a few thousand, or few hundred thousand [sites.],” Wilson explained. “Only a few thousand return useful content, and compared to the clearnet there’s tiny amount of regular Tor users.”

ABOUT THE AUTHOR

Disclaimer: The opinions, beliefs and viewpoints expressed by the various author(s), publisher(s) and forum participant(s) on this web site do not necessarily reflect the opinions, beliefs and viewpoints of the @SmitaNairJain or official policies of the #SmitaNairJain

TEDx Talksr | Break The Shackles To Climb The Ladder | Smita Nair Jain | TEDxIIMRaipur | “Women empowerment for me is the power and freedom to choose my own opportunities and enhancing my capabilities to do what I really want to do.” She is one of the new generation management gurus who throws new light on corporate behavior and particularly its global aspect. She is also one of the best keynote speakers of all times. This talk was given at a TEDx event using the TED conference format but independently organized by a local community. Learn more at http://ted.com/tedx